2 October 2025

Digital Bytes – privacy, cyber, AI & data update

Helen Clarke, Phillip Magness, Viva Swords, Lydia Cowan-Dillon, Leonie Higgins, Georgia Brown
A close-up photo of a DSLR camera lens with green focus/zoom/aperture rings and orange light reflected in the glass.

This instalment of Digital Bytes fills you in on all the important developments in the privacy, cyber, AI and data space from 2025's Privacy Awareness Week to the latest significant updates from eSafety in social media age-gating and new compliance obligations for permitting access to ‘age-inappropriate’ online material. 

In that time, key legal obligations that have taken effect are:

  • on 10 June 2025 – the tort for serious invasions of privacy in Schedule 2 to the Privacy Act 1988 (Cth) (Privacy Act); and
  • on 1 July 2025 – for entities regulated by the Australian Prudential Regulation Authority (APRA), Prudential Standard CPS 230 on operational risk management, which means that CPS 231 and CPS 232 have been retired.
Australian Clinical Labs agrees to $5.8m penalty over 2022 data breach
OAIC commences civil penalty proceedings in relation to the 2022 Optus data breach
OAIC report praises de-identification of health information used to train AI
DHA releases discussion paper to kick off consultation on Horizon 2 of the Australian Cyber Security Strategy
OAIC’s regulatory action priorities show a focus on emerging technologies and encouraging change
OAIC finds Kmart’s use of facial recognition to be unlawful
Long-awaited guidance on social media minimum age restrictions and new industry codes for ‘age-inappropriate’ online material
Productivity Commission generates discussion with new proposed direction for privacy and AI law reform
Wide-ranging ACCC recommendations in the Digital Platforms Services Inquiry Final Report
Government reviews AI in health care and under the therapeutic goods regime
IBM's latest 'Cost of a Data Breach' report shows the first fall in average global costs
AI developments that should be on Australian businesses’ radar
Other key privacy, cyber, data and AI updates
Looking ahead
How can we assist?

We have a large team of privacy, data protection and cyber specialists, with substantial experience across the whole spectrum of data, privacy and cyber compliance and incident management. 

For a more detailed briefing on any of these updates, or to discuss how we can assist your organisation to manage its risks in these rapidly evolving areas, please get in touch.